Vulnerability in Siemens Nucleus Net

CVE-2021-27393

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers…

EPSS: 0.002 (44.4th percentile) — read the EPSS interpretation.

Affected products

Siemens Nucleus Net — versions All versions
Siemens Nucleus Readystart V3 — versions All versions < V2013.08
Siemens Nucleus Source Code — versions Versions including affected DNS modules

Weakness classification (CWE)

CWE-330 — Use of Insufficiently Random Values

References

cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf (x_refsource_MISC)